Monday, October 7, 2024
HomeSecurity NewsSmartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock...

Smartwatches and Fitness Trackers can Spy Your ATM PIN Number & Unlock Smartphone

Published on

IoT extends the connectivity of physical devices beyond the standard devices, it affects the daily lives of the users and their information security.

Wearables increase the efficiency of data gathering, researchers from the University of Michigan and the University of South Carolina found it is possible to add thousands of steps to a Fitbit using sound waves at different frequencies.

Experts believe that IoT could contain more than 30 billion objects by 2020 and its market value could reach $7.1 trillion by 2020.

- Advertisement - EHA

Security researchers from Kaspersky published a research report on examining how wearable signals within wearable devices could allow attackers to intrude victims’ privacy and to gain access to the corporate network of the company they associated.

Most of the smartwatches are cyberphysical systems that controlled by computer algorithms and they are equipped with sensors like magnetometers, accelerometers, and gyroscopes that logs user data.

Kingwear KW88 and PYiALCY X200 smartwatches are selected for this study due it’s simplicity of writing apps for them and they developed a simple app for the study.

Tracking the Victim

With smartwatch inbuilt accelerometers and gyroscopes signals readings, it can be assumed the user activity at the moment.

When the user is walking, the hand wearing the smartwatch oscillates like a pendulum. Pendulum swings are a periodic process, so it can be assumed that the user was walking at that moment.

Pic Courtesy: SecureList

In another segment there no change with the periodic oscillations but the change in the accelerometer signal envelope axis. Possibly it could be a public transport with stops.

Another time slice is with short periods of activities and unexpected hand movements, researchers assumed the person could probably indoors.

Pic Courtesy: SecureList

PIN codes

According to researchers, it is possible to capture a PIN code based on the accelerometer and gyroscope signals from a smartwatch.

By deciphering the three axes of the accelerometer and gyroscope signals, a random person pin code can be detected with a minimum accuracy of 80%.

Computer and smartphones unlocking

For unblocking the device the hand movements and corresponding acceleration are minimal. Based on the cross-correlation of data for the corresponding axes of the accelerometer and gyroscope.

Smallest cross-correlation function values obtained for unlocking smartphones (up to 64%), and for computer password it is the largest (up to 96%).

Researchers concluded that “without a doubt, portable cyber-physical systems expand the attack surface for potential intruders. The recorded signals can be transmitted by the phone to the attacker’s server whenever the latter has access to the Internet.”

“So an unassuming fitness app or a new watch face from the Google Play store can be used against you, right now in fact”.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...